[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Secure setup
From: |
Mathias de Riese |
Subject: |
Re: [Duplicity-talk] Secure setup |
Date: |
Thu, 16 Dec 2004 10:46:48 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913 |
Thomas Tempé (Johnix) wrote:
Should I set up a chrooted sshd on a non-standard port, with a
different /etc/passwd?
Should I create an account and mess with Pam so that the given user
cannot do anything else than use SCP?
I did something similar, but not with PAM: I set up a user with a special
script as shell. I wont publish it, but it basically checks, wether it
is called
with parameters
"-c scp -f /dir/where/the/backup/should/go"
"-c scp -t /dir/where/the/backup/should/go"
"-c ls /dir/where/the/backup/should/go"
In my case the client is not really untrusted. However, it uses an
unprotected ssh key
to perform a daily backup via cron.
I am not at all shure, wether my method is really secure. Just an idea.
Cheers,
Mathias